problem with siteurl being changed in 1.2.1 (12 posts)

A new problem appeared with the 1.2.1 upgrade. I run behind a reverse proxy server, with siteurl set to the public address of the site. With the new 1.2.1 upgrade, code has been added to wp-login with the comment "If someone has moved WordPress let's try to detect it." This code finds that HTTP_HOST . REQUEST_URI (which are set to the internal names) doesn't match siteurl, and it promptly edits the options database, changing siteurl to the internal name.
This creates the very puzzling behavior that everything looks fine until some user tries to log in, and then not only does the login fail but the site breaks for everyone else until you go into the mysql database and fix things by hand.
Simple solution was to comment this line out of wp-login.php. Getting reverse proxies running properly is hard enough without a too-smart program changing things behind your back! Am I correct this change is meant to be a convenience, and not some obscure security fix?

Yes - I had this same problem. Thank you for your post - it made it quicker to find.
I don't think programs messing around with these URIs is a good thing. It can easily break anything unique someone might have done with their site.

I commented out the lines in wp-login.php and added some lines to my .htaccess file as suggested by Turnip.
Now I can't access my site or login because cookies may be getting blocked. I cleared my cookies, and I tried adding my address to the exceptions list but still can't connect.
I'm getting just a little bit frustrated with this :(

Quick question (and it's not one I want to try out, obviously :)
that code doesn't get invoked on an invalid login, does it? meaning, could someone who knows this bug exist take down someone else's site just by trying to login to the short URL with a fake user/pwd, while not actually logging in?
it only happens if someone successfully logs in from the short url?
just checking. the blog i admin for has been hit with an inordinate amount of spam lately and some other attacks, and the thought of anyone trying that before i had a chance to comment out those lines kinda gave me the chills for a second there.

For those who stumble along this thread, this is a known bug. You will need to manually fix your 'site_url' and 'home' values via phpmyadmin: http://www.tamba2.org.uk/wordpress/site-url/
Then, upgrade to WP v1.2.2 [or the latest Nightly Build].